<?php
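// Verify that every uploaded file is an image with an allowed extension.
// begin Dave B's Q&D file upload security code (hardened)
//var_dump($_POST);
  $allowedExtensions = array("jpg", "jpeg", "gif", "png");
  foreach ($_FILES as $file) {
    // The form posts array-style fields (name="field[]"). Casting lets a
    // single-file field go through the same checks instead of being indexed
    // character by character, and the inner loop covers every slot rather
    // than only indexes 0 and 1.
    $uploadNames = (array) $file['name'];
    $uploadTmpNames = (array) $file['tmp_name'];

    foreach ($uploadTmpNames as $index => $tmpName) {
      // An empty tmp_name means nothing was received in this slot.
      if ($tmpName === '' || $tmpName === null) {
        continue;
      }

      $clientName = isset($uploadNames[$index]) ? $uploadNames[$index] : '';

      // Nested field names produce arrays here; treat them as invalid.
      $isValid = is_string($tmpName) && is_string($clientName);
      if ($isValid) {
        // pathinfo() avoids end(explode()), which passes a temporary by
        // reference, and yields '' for names without a dot (so a file
        // literally called "jpg" is no longer accepted).
        $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));

        // The client controls the file name, so the extension alone proves
        // nothing about the content. getimagesize() only inspects the image
        // header: it is a sanity check, and the upload directory should
        // still be served without script execution.
        $isValid = in_array($extension, $allowedExtensions, true)
          && is_uploaded_file($tmpName)
          && getimagesize($tmpName) !== false;
      }

      if (!$isValid) {
        // The file name is attacker-controlled: encode it before echoing it
        // back, otherwise the error page reflects arbitrary markup.
        $shownName = is_string($clientName) ? $clientName : '';
        die(htmlspecialchars($shownName, ENT_QUOTES, 'UTF-8') . ' is an invalid file type!<br/>' .
          '<a href="javascript:history.go(-1);">' .
          '&lt;&lt Go Back</a>');
      }
    }
  }
  // end Dave B's Q&D file upload security code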
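  require $_SERVER["DOCUMENT_ROOT"] . "/aonce_connect.php";

// Series id: the query string wins over the form body. Absent or empty means
// "create a new series". Anything else must be a plain non-negative integer,
// because the value later ends up in SQL, in a file name and in a redirect.
$serie = isset($_GET["serie"]) ? $_GET["serie"] : NULL;
if ($serie == NULL)
    $serie = isset($_POST["serie"]) ? $_POST["serie"] : NULL;
if ($serie === NULL || $serie === '') {
    $serie = NULL;
} elseif (is_string($serie) && ctype_digit($serie)) {
    $serie = (int) $serie;
} else {
    http_response_code(400);
    die('Invalid serie identifier.');
}

/*
 * Map the form fields to the values stored in the database.
 *
 * htmlentities() is kept so new rows match the encoding of existing ones
 * (presumably what the display pages expect -- confirm). It is an output
 * encoding, not an SQL defence: the queries below bind every value.
 */
$campos_post = array();
foreach (array("tituloserie", "artista", "titulo", "year", "material", "medidas") as $campo) {
    // Missing or array-valued fields are treated as empty strings.
    $campos_post[$campo] = (isset($_POST[$campo]) && is_string($_POST[$campo])) ? $_POST[$campo] : '';
}

// Series (exhibition) data
$titulo = htmlentities($campos_post["tituloserie"]);
// The original interpolated artista into the SQL unquoted, so it is taken to
// be a numeric id -- TODO confirm against the schema.
if (!ctype_digit($campos_post["artista"])) {
    http_response_code(400);
    die('Invalid artista identifier.');
}
$artista = (int) $campos_post["artista"];

// Item data
$titule = htmlentities($campos_post["titulo"]);
$year = htmlentities($campos_post["year"]);
$material = htmlentities($campos_post["material"]);
$medidas = htmlentities($campos_post["medidas"]);

// Client-supplied file name of the first upload; basename() drops any
// directory part so the stored name matches the name used on disk.
$nombre_foto = (isset($_FILES['uploadedfile']['name'][0]) && is_string($_FILES['uploadedfile']['name'][0]))
    ? basename($_FILES['uploadedfile']['name'][0])
    : '';

/*
 * Connect to the database and run the queries.
 * NOTE(review): conecta() is defined outside this file; it is assumed to
 * return a mysqli object, since the result is used with ->query(),
 * ->insert_id and ->close() -- confirm.
 */
$link = conecta();

/*
 * Create or update the series. Placeholders replace the string-built SQL,
 * which let any request parameter rewrite the statement.
 */
if ($serie === NULL) {
    $stmt = $link->prepare("INSERT INTO serie (nombreserie, artista) VALUES (?, ?)");
    $serie_result = $stmt && $stmt->bind_param('si', $titulo, $artista) && $stmt->execute();
    if ($serie_result) {
        // New series: the generated key is used for the item row and the file name.
        $serie = (int) $link->insert_id;
    }
} else {
    $stmt = $link->prepare("UPDATE serie SET nombreserie = ?, artista = ? WHERE idserie = ?");
    $serie_result = $stmt && $stmt->bind_param('sii', $titulo, $artista, $serie) && $stmt->execute();
}
if ($stmt) {
    $stmt->close();
}
if (!$serie_result) {
    // Log the detail server-side only; do not continue with a missing series id.
    error_log('serie upload: serie query failed: ' . $link->error);
    $link->close();
    http_response_code(500);
    die('The series could not be saved.');
}

/*
 * Insert the series item.
 */
$foto_guardada = "serie-{$serie}_" . $nombre_foto;
$stmt = $link->prepare(
    "INSERT INTO picsser (titulopicsser, yearpicsser, materialpicsser, medidaspicsser, fotopicsser, serie) " .
    "VALUES (?, ?, ?, ?, ?, ?)"
);
$picsser_result = $stmt
    && $stmt->bind_param('sssssi', $titule, $year, $material, $medidas, $foto_guardada, $serie)
    && $stmt->execute();
if ($stmt) {
    $stmt->close();
}
if (!$picsser_result) {
    error_log('serie upload: picsser query failed: ' . $link->error);
    $link->close();
    http_response_code(500);
    die('The item could not be saved.');
}
$link->close();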

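// $serie becomes part of two filesystem paths and of the redirect below, so
// refuse anything that is not a plain non-negative integer.
if (!is_int($serie) && !(is_string($serie) && ctype_digit($serie))) {
    http_response_code(400);
    die('Invalid serie identifier.');
}

// Both the photo and its thumbnail are stored under the client-supplied name
// of the first upload. basename() strips directory components; the extension
// itself is only as trustworthy as the whitelist check at the top of this script.
$nombre_archivo = (isset($_FILES['uploadedfile']['name'][0]) && is_string($_FILES['uploadedfile']['name'][0]))
    ? basename($_FILES['uploadedfile']['name'][0])
    : '';

// NOTE(review): $parent_dir is not defined in this file; presumably it comes
// from aonce_connect.php -- confirm.
$foto_path = $_SERVER["DOCUMENT_ROOT"] . $parent_dir . "/uploads/";
$foto_path = $foto_path . "serie-{$serie}_" . $nombre_archivo;

$thumb_path = $_SERVER["DOCUMENT_ROOT"] . $parent_dir . "/thumbs/";
$thumb_path = $thumb_path . "serie-{$serie}_" . $nombre_archivo;

//var_dump($_FILES);
// Slot 0 is the full-size photo, slot 1 the thumbnail.
foreach (array(0 => $foto_path, 1 => $thumb_path) as $indice => $destino) {
    $temporal = (isset($_FILES['uploadedfile']['tmp_name'][$indice]) && is_string($_FILES['uploadedfile']['tmp_name'][$indice]))
        ? $_FILES['uploadedfile']['tmp_name'][$indice]
        : '';
    $nombre_cliente = (isset($_FILES['uploadedfile']['name'][$indice]) && is_string($_FILES['uploadedfile']['name'][$indice]))
        ? basename($_FILES['uploadedfile']['name'][$indice])
        : '';

    // move_uploaded_file() only moves files that PHP itself received in this
    // request, and returns false for an empty or missing slot.
    if ($temporal !== '' && move_uploaded_file($temporal, $destino)) {
        // The name comes from the client: encode it before echoing it into HTML.
        echo "The file " . htmlspecialchars($nombre_cliente, ENT_QUOTES, 'UTF-8') .
        " has been uploaded. <br />\n";
    } else {
        echo "There was an error uploading the file, please try again!<br />\n";
    }
}

//echo "\n".$serie_query;
//echo "\n".$picsser_query;
// %d forces an integer, so the id cannot inject script into the redirect.
printf("<script language=\"javascript\">\ndocument.location=\"nuevaSerie.php?serie=%d\";\n</script>", $serie);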
?>
